qmail

The qmail server is the best MTA available.
It's modular and secure; it uses its own system library replacements to avoid
buffer overflow exploits.
Think of qmail, and the extensions available for it, as a toolbox of components
to assemble into an efficient mail server that will fit any need.
If you're not that creative, you probably should use Postfix instead.

Recipient checking

box@host

A qmail server will normally accept email for any box part of a recipient
address, as long as the host exists in control/rcpthosts.
One can go a step further and validate the box part by patching or replacing
qmail-smtpd.
Attempts to queue bogus messages are then rejected during the initial SMTP
conversation.
Messages to nonexistent recipients are not accepted.
Also, joe job bounces to forged recipients aren't accepted, stopping them from
becoming double bounces.
This avoids spending yet more CPU, I/O and bandwidth processing bounce
messages later.
Here are several options, ordered by how far into a qmail server an attempt
gets before it is rejected or the message is discarded.
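
As an added illustration (not code from this page or from any qmail patch), the following Python model shows the RCPT TO decision described in this section: the host check against rcpthosts that stock qmail performs, and the extra box part check a patched or replaced qmail-smtpd adds. The sample hosts, the recipient list, the `default_host` parameter and the choice of reply codes 553 and 550 are assumptions made for the example.

```python
# Constructed sample data: stand-ins for control/rcpthosts and for whatever
# recipient list a validating qmail-smtpd replacement would consult.
RCPTHOSTS = ["example.org", ".example.net"]
VALID_RECIPIENTS = {"joe@example.org", "postmaster@example.org",
                    "ann@mail.example.net"}


def host_allowed(host, rcpthosts=RCPTHOSTS):
    """rcpthosts matching: an entry is a full host name, or a leading-dot
    suffix that covers every host underneath it (but not the bare domain)."""
    host = host.lower()
    entries = {e.strip().lower() for e in rcpthosts if e.strip()}
    if host in entries:
        return True
    # "mail.example.net" is tried as ".example.net", then ".net".
    return any(host[i:] in entries for i, ch in enumerate(host) if ch == ".")


def check_rcpt(address, validate_box=True, rcpthosts=RCPTHOSTS,
               valid=VALID_RECIPIENTS, default_host="example.org"):
    """Return the SMTP reply code for one RCPT TO address.

    validate_box=False models the stock behaviour described above (any box
    part is accepted for a listed host); True adds the box part check.
    default_host is a hypothetical stand-in for the host applied to
    addresses that arrive without an @.
    """
    address = address.strip().strip("<>")
    if "@" not in address:
        address = f"{address}@{default_host}"
    box, _, host = address.rpartition("@")
    if not host_allowed(host, rcpthosts):
        return 553  # host not in rcpthosts: refused either way
    if validate_box and f"{box}@{host}".lower() not in valid:
        return 550  # unknown box: refused before anything is queued
    return 250


if __name__ == "__main__":
    # Constructed RCPT TO addresses, including a forged joe job target.
    for rcpt in ["joe@example.org", "qx7forged@example.org",
                 "ann@MAIL.example.net", "ann@example.net", "joe@elsewhere.test"]:
        print(f"{rcpt:24} stock={check_rcpt(rcpt, validate_box=False)} "
              f"validating={check_rcpt(rcpt)}")
```

The forged address is the case that matters: the stock check returns 250 and the message is queued only to bounce later, while the validating check returns 550 during the SMTP conversation.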

Implementing secure qmail-pop3d

Notes:
The POP server that comes with qmail is capable, but not secure.
All usernames, passwords and messages are sent in snoopable plain text.
I prefer using sslserver, a tcpserver replacement, to encrypt communications.
It assumes that you will be using gcc; here is a simple patch that converts it
to cc syntax.
Your POP clients should now connect over SSL to port 995.
If you use an editor, remove each ? and the EOF, and remove the \ before
each $.

Mac OS X and qmail

Here are instructions to install qmail, daemontools and ucspi-tcp.
It's a modified Life with qmail install.

Notes:
A simple patch is needed for the install on a single CPU Mac OS X Panther 10.3
or Tiger 10.4 machine.
Please read this note if you are using Mac OS X Tiger 10.4.
Xcode Tools must be installed; see Apple Developer Connection.
A dual CPU machine will crash under high load.
CHUD is a custom install option with Xcode Tools; it gives you a
Hardware.prefPane to disable the second CPU.
Run nireport to see the assigned gids and uids, and choose unique ones for
qmail.
Changing mailq to qmailctl queue in /etc/periodic/daily/500.daily switches that
script from Postfix to qmail.
Installing daemontools creates /etc/rc.local; it's not consulted during startup
and can be removed.
Using SetFile makes ~/Maildir/ invisible to the Finder; this is optional.
Verify your install with inst_check; v2003-11-10 will show alias errors due to
the passwd format.
Fix that by changing the 6 to a 9 in line 241.
The /usr/sbin/sendmail binary exists; /usr/lib/sendmail doesn't.
If you use an editor, remove each ? and the EOF, and remove the \ before
each ` and $.

Other

The rblsmtpd-nodefaultrbl patch allows setting an RBLSMTPD action and response,
without using external DNSBLs.

If your dynamic IP qmail server is being rejected, the
qmail-remote[-fallback] patches route otherwise undeliverable messages
through your ISP.
The netqmail-tls-remote-fallback.patch is a modified
qmail-remote-fallback.patch that applies cleanly to netqmail-1.06 after
Frederik Vermeulen's netqmail-1.05-tls-20070408.patch or Bill Shupp's
netqmail-1.05-tls-smtpauth-20070417.patch has been applied.